Following the lead of an influential congressman, the White House announced the CIO Council’s withdrawal from security-vendor-funded CISO Exchange.
Count the federal CIO Council as the latest government institution to rapidly retreat from the nascent but ill-fated Chief Information Security Officers Exchange because of fund-raising practices.
Karen Evans, the administration’s top IT official, said in a White House statement issued Thursday that she accepts the CIO Council’s recommendation to withdraw from the CISO Exchange, a privately financed group headed by government IT experts to help develop practices to improve cybersecurity. Evans said she’s asking the CIO Council’s best-practices committee to develop ways to improve weak cybersecurity scores among federal departments and agencies.
“While we firmly support the CISO Exchange’s objective of improving the federal government’s security posture and improving cybersecurity scorecard grades, we believe the most appropriate context for doing so is through the [CIO Council’s] best-practices committee,” said Evans, administrator for E-government and IT in the White House Office of Management and Budget. The administrator also chairs the CIO Council, a group composed of the CIOs of major federal departments and agencies.
If the government hadn’t withdrawn from the exchange, the fellows would have served on the advisory board with CIO Lisa Schlosser of the Department of Housing and Urban Development and CISOs Dennis Heretick of Justice, Robert Lentz of Defense, Jane Scott Norris of State, and Robert West of Homeland Security.
Evans’ comments came nearly a week after House Reform Committee chairman Tom Davis, R.-Va., announced his withdrawal of support for the CISO Exchange because of the way the group solicited money from vendors to support its operations. The CISO Exchange was to hold quarterly education meetings as well as produce a report on federal IT security priorities and operations.
Earlier this month, the CISO Exchange established a $75,000 fee for companies to join as an industry member of its advisory board, with lower-level memberships ranging from $5,000 to $25,000. Critics say the fee scheme gives the impression that vendors could pay to gain access to top government officials who decide on IT budgets and purchases.
A Davis spokesman suggested the pay structure reeks of payola and said the chairman wasn’t involved in any decision on how to finance the exchange’s activities. “We did not know anything about play to pay,” the spokesman said. “We had no role in or input in any fees.”
The idea of the exchange came from Stephen O’Keefe, whose public-relations firm manages the CISO Exchange, the spokesman said. O’Keefe said he didn’t see a problem with the way the organization was to raise money since government IT officials have participated in IT-industry-financed organizations for years.
Indeed, government IT leaders actively participate in events sponsored by groups such as the Industry Advisory Council, which is financed by technology vendors, as well as trade shows sponsored by publications that solicit tens of thousands of dollars in sponsorships from IT companies. “It’s one thing to have a business pay for a lunch, but another to exclude interested parties with exorbitant fees,” the spokesman said.
The Industry Advisory Council is considering taking over CISO Exchange activities.
In February, with much fanfare, Davis and the CIO Council revealed the formation of CISO Exchange, which was to be co-chaired by Justice Department CIO Vance Hitch, head of the CIO Council’s cybersecurity and privacy committee, and a top aide to Davis, Melissa Wojciak, staff director of the House Government Reform Committee. The committee provides oversight to government IT.
At that time, another Davis aide said the congressman didn’t see a problem with businesses funding a government group, pointing out that government procurement laws and regulations require multiple bidders, so companies financing the exchange won’t have undue influence on federal IT officials. Said Drew Crockett, the House panel’s deputy communications director, “Statutes are in place to prohibit cronyism.”
How exclusive was industry board membership? According to the exchange, only six fellows would have served on the advisory board for one-year terms.
According to a press release posted on the exchange’s Web site, two industry fellows were named earlier this month to its advisory board: Austin Yerks, president of business development-federal sector at IT services firm Computer Sciences Corp., and Ken Ammon, president and co-founder of IT security services provider Network Security Technologies Inc., also known as NetSec.
A brochure on the Web site touts the closeness between the fellows and federal CIOs. “The CISO Exchange advisory board meets face to face quarterly and communicates on an ongoing basis through online dialogue,” the brochure reads. “CISO Exchange fellows roll up their shirtsleeves to work side by side with federal CISOs to develop innovative solutions to federal IT security challenges.”